
Re: brute force ssh attack



On 4/27/05, Aleksandar Milivojevic <amilivojevic pbl ca> wrote:
> Daniel Kirsten wrote:
> > there are numerous brute force ssh attacks in the web.
> > I was quite curious, and for fun, I created the typical
> > user accounts and set easy to guess passwords....
> 
> Generally, very bad idea.  Unless you know exactly what you are doing,
> which you obviously don't.

Also, learn to use ssh RSA keys rather than allowing ssh passwords.
Even if you have keys you still need to disable passwords for it
to be secure.  Doing that prevents dictionary password-guessing
attacks.  To disable ssh password access, edit /etc/ssh/sshd_config
and set

  PasswordAuthentication no

You may also want to disable root via ssh as well with

  PermitRootLogin no

(After changing config either reboot or 'service sshd restart')
-- 
Deron Meranda
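
An added example, not part of the original post: a Python check for the two settings recommended above. It reads sshd_config text and accounts for sshd using the first value it obtains for a keyword and for `Match` blocks overriding the global value. The function name and the sample config are constructed for illustration; files pulled in with `Include` are not followed.

```python
import re

# Values the post recommends; sshd_config keywords are case-insensitive.
WANTED = {"passwordauthentication": "no", "permitrootlogin": "no"}
LINE = re.compile(r"^\s*(\w+)(?:\s*=\s*|\s+)(.*?)\s*$")

SAMPLE = """\
# constructed sample, not a real host's config
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

def audit_sshd_config(text):
    """Return (line, keyword, value, scope) for each setting that differs
    from WANTED; line and value are None when never set globally."""
    first_global = {}  # keyword -> (line, value); the first value read wins
    findings, scope = [], "global"
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key == "match":  # everything below applies only to this Match
            scope = "Match " + value
            continue
        if key not in WANTED:
            continue
        if scope == "global":
            first_global.setdefault(key, (lineno, value))  # later duplicates are ignored
        elif value.lower() != WANTED[key]:
            findings.append((lineno, key, value, scope))  # Match block weakens the setting
    for key, want in WANTED.items():
        lineno, value = first_global.get(key, (None, None))
        if value is None or value.lower() != want:  # unset: build default applies
            findings.append((lineno, key, value, "global"))
    return sorted(findings, key=lambda f: f[0] or 0)

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE):
        print(finding)
```

In the sample, the `no` on line 4 has no effect because line 3 already set the keyword, and the `Match` block turns passwords back on for one user; both are reported.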

